The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA. (bsc#1207134)
- CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237)
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036)
- CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125)
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
- CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
- CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
- CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049).
- CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver...